ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
153-evidence-domain-foundation
TenantAtlas/specs/117-baseline-drift-engine/quickstart.md
ahmido f08924525d Spec 117: Baseline Drift Engine + evidence fidelity/provenance (#142) 
Implements Spec 117 (Golden Master Baseline Drift Engine):

- Adds provider-chain resolver for current state hashes (content evidence via PolicyVersion, meta evidence via inventory)
- Updates baseline capture + compare jobs to use resolver and persist provenance + fidelity
- Adds evidence_fidelity column/index + Filament UI badge/filter/provenance display for findings
- Adds performance guard test + integration tests for drift, fidelity semantics, provenance, filter behavior
- UX fix: Policies list shows "Sync from Intune" header action only when records exist; empty-state CTA remains and is functional

Tests:
- `vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicySyncCtaPlacementTest.php`
- `vendor/bin/sail artisan test --compact --filter=Baseline`

Checklist:
- specs/117-baseline-drift-engine/checklists/requirements.md ✓

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #142
2026-03-03 07:23:01 +00:00

1.5 KiB
Raw Permalink Blame History

Quickstart — Spec 117 Baseline Drift Engine

Prereqs

  • Docker running
  • Dependencies installed: vendor/bin/sail composer install
  • Containers up: vendor/bin/sail up -d

Run the minimum checks

  • Format (dirty only): vendor/bin/sail bin pint --dirty --format agent
  • Tests (focused): vendor/bin/sail artisan test --compact --filter=Baseline (adjust filter to match added tests)

Manual verification flow (admin)

  1. Capture a baseline snapshot via the existing Baseline UI.
  2. Trigger “Compare baseline to tenant” via the existing compare landing page.
  3. Open Monitoring → the OperationRun for the compare:
    • Verify context.baseline_compare.coverage and context.baseline_compare.evidence_gaps are populated.
  4. Open Findings:
    • Verify each finding shows a fidelity badge (content or meta).
    • Verify provenance is shown for both baseline and current evidence: fidelity, source, observed timestamp.
    • Verify filtering by fidelity works.

Developer notes

  • v1.5 compare must not fetch anything upstream. Evidence sources are strictly:
    • PolicyVersion (content) since baseline snapshot captured_at
    • Inventory meta contract (meta)
  • When neither side has evidence for a subject, no finding should be created; the compare run should record an evidence gap.

Troubleshooting

  • If UI changes dont appear, run assets: vendor/bin/sail npm run dev.
  • If tests fail due to stale schema, run: vendor/bin/sail artisan migrate.